[SECURITY] [DLA 356-1] libsndfile security update



Package        : libsndfile
Version        : 1.0.21-3+squeeze2
CVE ID         : CVE-2014-9496 CVE-2014-9756 CVE-2015-7805
Debian Bug     : 774162 804445 804447

CVE-2014-9496

    The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows
    attackers to have unspecified impact via vectors related to a (1) map
    offset or (2) rsrc marker, which triggers an out-of-bounds read.

CVE-2014-9756

    The psf_fwrite function in file_io.c in libsndfile allows attackers to
    cause a denial of service (divide-by-zero error and application crash)
    via unspecified vectors related to the headindex variable.

CVE-2015-7805

    Heap-based buffer overflow in libsndfile 1.0.25 allows remote
    attackers to have unspecified impact via the headindex value in the
    header in an AIFF file.